Method and system for controlling subscriber access in a network capable of establishing connections with a plurality of domain sites
Abstract
A method for controlling subscriber access in a network capable of establishing connections with a plurality of domains includes receiving a communication from a subscriber using a first communication network coupled to at least one other communication network, the communication optionally including a domain identifier associated with a domain on the at least one other communication network, determining whether the subscriber is authorized to access the domain based upon the domain identifier and a list of authorized domains for a virtual circuit used to receive the communication and authorizing subscriber access to the domain when the domain identifier is included in the list. An access server includes a tunnel ID request generator and an authorizer. The tunnel ID request generator generates a tunnel ID request that includes a virtual circuit identifier associated with a virtual circuit used to accept a PPP authentication request. The authorizer grants subscribers domain access based upon a list of authorized domains for the virtual circuit.
15 Claims
1. An access server capable of allowing subscribers of a communications system to gain exclusive access to a domain site associated with a virtual circuit, said access server comprising:
a memory device capable of storing a domain list table and a tunnel ID table, said domain list table including a plurality of virtual circuit identifiers and associated domain site identifiers, said tunnel ID table including a plurality of domain names and associated tunnel IDs;
an authorized domain list determiner capable of determining an authorized domain list based upon said domain list table and a domain site identifier with a Point-to-Point Protocol (PPP) authentication request, said PPP authentication request received on a virtual circuit having a virtual circuit identifier;
an assessor capable of determining whether said domain site identifier within said PPP authentication request is in said authorized domain list;
a tunnel ID determiner capable of determining a tunnel ID based upon said tunnel ID table and said domain site identifier; and
an authorizer capable of granting subscribers domain site access based upon said authorized domain list.
6. A method for controlling subscriber access in a network capable of establishing connections with a plurality of domain sites, comprising:
receiving an L2TP session from a subscriber using a first communication network coupled to at least one other communication network, said L2TP session optionally including a domain site identifier associated with a domain site on said at least one other communication network;
determining whether said subscriber is authorized to access said domain site based upon said domain site identifier and a list of authorized domain sites for a virtual circuit through which said L2TP session is received, said determining comprising;
issuing an authorized domain list request including a virtual circuit identifier;
receiving an authorized domain list that includes domain site identifiers of authorized domain sites for said virtual circuit identifier;
indicating said domain site is unauthorized when said domain site identifier included in said L2TP session is not in said authorized domain list;
indicating said domain site is authorized when said domain site identifier is in said authorized domain list;
issuing a tunnel ID request including said domain site identifier when said domain site is authorized;
receiving a tunnel ID; and
assigning said tunnel ID; and
authorizing subscriber access to said domain site when said domain site identifier is included in said authorized domain list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel ID when said subscriber is authorized to access said domain site.
9. A method for controlling subscriber access in a network capable of establishing connections with a plurality of domain sites, comprising:
receiving an L2TP session from a subscriber using a first communication network coupled to at least one other communication network, said L2TP session optionally including a domain site identifier associated with a domain site on said at least one other communication network;
determining whether said subscriber is authorized to access said domain site based upon said domain site identifier and a list of authorized domain sites for a virtual circuit through which said L2TP session is received, said determining comprising;
performing a table lookup based on a virtual circuit identifier to obtain an authorized domain list that includes domain site identifiers of authorized domain sites for said virtual circuit identifier;
indicating said domain site is unauthorized when said domain site identifier included in said L2TP session is not in said authorized domain list;
indicating said domain site is authorized when said domain site identifier included in said L2TP session is in said authorized domain list;
performing a table lookup based on said domain site identifier to obtain a tunnel ID when said domain site is authorized; and
assigning said tunnel ID; and
authorizing subscriber access to said domain site when said domain site identifier is included in said authorized domain list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel ID when said subscriber is authorized to access said domain site.
11. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method to control subscriber access in a network capable of establishing connections with a plurality of domain sites, the method comprising:
receiving an L2TP session from a subscriber using a first communication network coupled to at least one other communication network, said L2TP session optionally including a domain site identifier associated with a domain site on said at least one other communication network;
determining whether said subscriber is authorized to access said domain site based upon said domain site identifier and a list of authorized domain sites for a virtual circuit through which said L2TP session is received, said determining comprising;
issuing an authorized domain list request including a virtual circuit identifier;
receiving an authorized domain list that includes authorized domain site for said virtual circuit identifier;
indicating said domain site is unauthorized when said domain site identifier included in said L2TP session is not in said authorized domain list;
indicating said domain site is authorized when said domain site identifier included in said L2TP session is in said authorized domain list;
issuing a tunnel ID request including said domain site identifier when said domain site is authorized;
receiving a tunnel ID; and
assigning said tunnel ID; and
authorizing subscriber access to said domain site when said domain site identifier is included in said authorized domain list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel ID when said subscriber is authorized to access said domain site.
14. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform a method to control subscriber access in a network capable of establishing connections with a plurality of domain sites, the method comprising:
receiving an L2TP session from a subscriber using a first communication network coupled to at least one other communication network, said L2TP session optionally including a domain site identifier associated with a domain site on said at least one other communication network;
determining whether said subscriber is authorized to access said domain site based upon said domain site identifier and a list of authorized domain sites for a virtual circuit through which said L2TP session is received, said determining comprising;
performing a table lookup based on a virtual circuit identifier to obtain an authorized domain list that includes domain site identifiers of authorized domain sites for said virtual circuit identifier;
indicating said domain site is unauthorized when said domain site identifier included in said L2TP session is not in said authorized domain list;
indicating said domain site is authorized when said domain site identifier included in said L2TP session is in said authorized domain list;
performing a table lookup based on said domain site identifier to obtain a tunnel ID when said domain site is authorized; and
assigning said tunnel ID; and
authorizing subscriber access to said domain site when said domain site identifier is included in said authorized domain list, wherein said L2TP session is forwarded onto a tunnel associated with said tunnel ID when said subscriber is authorized to access said domain site.
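The two-table lookup recited in the claims above can be sketched as follows. This is an added illustration, not code from the patent or its specification; the table contents, the `user@domain` username format, the `Decision` type and the fail-closed handling of a missing domain identifier are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample tables (not from the patent).
# Domain list table: virtual circuit identifier -> authorized domain sites.
DOMAIN_LIST_TABLE = {
    "1/32": {"corp-a.example"},
    "1/33": {"corp-a.example", "isp.example"},
}
# Tunnel ID table: domain name -> tunnel ID.
TUNNEL_ID_TABLE = {"corp-a.example": 101, "isp.example": 202}

@dataclass(frozen=True)
class Decision:  # hypothetical result type
    authorized: bool
    tunnel_id: Optional[int]
    reason: str

def domain_of(ppp_username: str) -> Optional[str]:
    """Return the domain from 'user@domain' (assumed format), or None if absent."""
    user, sep, domain = ppp_username.rpartition("@")
    # Normalize so case or a trailing dot cannot produce a second spelling
    # of the same domain that slips past the list comparison.
    domain = domain.strip().rstrip(".").lower()
    if not sep or not user or not domain:
        return None
    return domain

def authorize(vc_id: str, ppp_username: str) -> Decision:
    # Lookup 1 is keyed by the circuit the request arrived on, which the
    # access server observes itself; nothing subscriber-supplied selects the list.
    allowed = DOMAIN_LIST_TABLE.get(vc_id)
    if allowed is None:
        return Decision(False, None, "unknown virtual circuit")
    domain = domain_of(ppp_username)
    if domain is None:
        # Assumption: fail closed when the optional identifier is missing.
        return Decision(False, None, "no domain site identifier")
    if domain not in allowed:
        return Decision(False, None, "domain not authorized for circuit")
    # Lookup 2 runs only after authorization succeeds.
    tunnel_id = TUNNEL_ID_TABLE.get(domain)
    if tunnel_id is None:
        return Decision(False, None, "no tunnel configured")
    return Decision(True, tunnel_id, "ok")
```

Valid credentials for `isp.example` presented on circuit `1/32` are still refused, because the authorized list is selected by the circuit rather than by the subscriber's claim.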
Specification